[Samba] OpenLDAP, heimdal kerberos, sasl, which order?

Andrew Bartlett abartlet at samba.org
Thu Apr 22 07:31:44 GMT 2004


On Thu, 2004-04-15 at 21:47, Diego Julian Remolina wrote:
> If you want to see the order on how to compile them and get them to work
> then look at:
> 
> http://www.math.gatech.edu/~dijuremo/ldap/
> 
> If you have a Native Windows PDC and samba is acting as a secondary then
> you can have kerberos authentication against the windows PDC kerberos.
> This is done with a cross-realm authentication trick as I was told by
> Gerald Carter (one of the developers of samba).
> Samba 3 does not support kerberos auths without having a Windows PDC with
> Active Directory.  If you do not have a native windows pdc then you need
> to authenticate against the passwords stored in tdbsam or ldapsam but not
> on kerberos.

See, this is the trick I've been talking about.  Technically, Samba can
use kerberos without a windows DC, but there are some silly (and some
not quite so silly) reasons why that's not an option right now.

However, you can add Kerberos to your existing Samba LDAP server.  That
is, if you run Heimdal 0.6.1 (or better still a snapshot) you can use
your sambaNTpassword as the type 23 encryption key, and have
linux/unix/OSX clients use kerberos.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net